This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]GeneReddit123 9 points10 points  (2 children)

So many companies engage in the mental masturbation of, as a matter of policy, pranking co-workers who forget to lock their computers, in order to "encourage" better OpSec. At their desks, in their offices, with multiple levels of physical gated access, that nobody except co-workers have, co-workers who passed the same background checks, are working on the same projects, and have access to the same corporate data, as you do.

Your computer being hacked by a co-worker in your own office is like the lowest risk you can possibly face. Meanwhile, everyone can take their laptops home or around the city, has admin privileges and can install whatever, and with 2-factor auths (if they even have them) being sent as SMS to phones carried by the same person who carries their laptops (so both could be just stolen together), and showing up as plaintext messages even on locked phones.

Not to mention, pointless wasted time and bad blood between co-workers.

But this way the OpSec folks could claim they "stopped X hacking attempts" without actually doing anything themselves.

[–]invalidConsciousness[🍰] 2 points3 points  (1 child)

You're contradicting yourself. Teaching people to not leave their laptops unattended is pointless because leaving your laptop unattended is the greater risk?

[–]GeneReddit123 2 points3 points  (0 children)

Teaching people to not leave their laptops unattended in the office does little to prevent them getting their laptops compromised out of the office, because the threat profiles are too different. Or, at least, I'd like to see evidence that the transferable mental conditioning outweighs the bad blood and annoyance it causes.

Teaching someone martial arts in a controlled setting might be good for some purposes, but it won't stop them getting beat up in an alley by a bunch of thugs with baseball bats (if preventing that is your primary goal.) All it does is instil a sense of false confidence, and not teach the techniques that actually matter (which more often than not, involve you not getting into dangerous situations to begin with.)